Hide it with encryption, display it with performance

Brandon Niemczyk

Prasad Rao

A network protocol has performance requirements. In order to address these requirements, many implementations will leak some side-channel information, indicating how a tunnel is being used. Particularly approximate packet sizes and timing can be tied to a particular use of an encrypted tunnel. Pacumen is an open-source tool which can learn what a specific application “looks like” over an encrypted tunnel and can be trained to recognize the application being used without decryption. We will go into a deep-dive about the algorithm used and how it works, as well as talk about how best to measure its performance and utilize it in the real world.